This disclosure describes techniques for ensuring security in an integrated circuit system that includes a processor subsystem and a configurable-logic (e.g., FPGA) subsystem, which is capable of storing code executed by the processor. Techniques for utilizing the configurable-logic to control the process of booting a processor in the processor subsystem securely are described. Because the configurable-logic may be on the same die as the processor in the integrated circuit, the configurable-logic may securely boot the processor inside the security boundary of the package containing the die.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. An integrated circuit comprising: a hard processor subsystem comprising: processor circuitry comprising a processor; and a boot read only memory (ROM); a field programmable gate array (FPGA) subsystem comprising: FPGA circuitry comprising a FPGA core and a FPGA memory; and an interface coupled to the hard processor subsystem and the FPGA subsystem, wherein the interface is configured to transmit data and control signals between the hard processor subsystem and the FPGA subsystem; wherein the processor of the hard processor subsystem is configured to: execute a first set of boot instructions stored in the boot ROM of the hard processor subsystem to boot the processor; and read, via the interface, a second set of boot instructions from a program object file (POF) stored in the FPGA memory to boot the processor and execute the second set of boot instructions after the FPGA core has authenticated the POF and after the first set of boot instructions has been executed.
An integrated circuit (IC) securely boots a processor using an FPGA. The IC includes a processor subsystem with a processor and boot ROM, and an FPGA subsystem with an FPGA core and memory. An interface allows data transfer between the two subsystems. The processor first executes boot instructions from the boot ROM. Then, it reads further boot instructions from a program object file (POF) stored in the FPGA memory. The FPGA core authenticates the POF before the processor executes these FPGA-provided boot instructions, ensuring secure boot. The first set of boot instructions run before the FPGA checks the POF.
2. The integrated circuit of claim 1 , wherein the FPGA core, in response to authenticating the POF, sends a signal to the processor circuitry indicating that the processor circuitry execute the second set of boot instructions.
In the integrated circuit secure boot system, described where a processor boots using initial ROM instructions, followed by FPGA-authenticated instructions from a POF, the FPGA core sends a signal to the processor after successfully authenticating the POF. This signal triggers the processor to execute the second set of boot instructions from the POF. This confirmation signal ensures that the processor only proceeds with the FPGA-provided boot code if it is verified as authentic.
3. The integrated circuit of claim 2 , wherein the FPGA circuitry comprises data authentication circuitry for authenticating the POF and wherein the processor circuitry and the FPGA circuitry are located on the same package.
In the integrated circuit secure boot system where the processor boots using initial ROM instructions, followed by FPGA-authenticated instructions from a POF, and the FPGA signals the processor to continue after authenticating, the FPGA subsystem includes data authentication circuitry to verify the POF. Both the processor subsystem and the FPGA subsystem reside within the same physical package. This close proximity enhances security and reduces the risk of external tampering during the boot process.
4. The integrated circuit of claim 3 , wherein the boot ROM and the processor circuitry are located on the same die in the package.
In the integrated circuit secure boot system, as described with FPGA-authenticated POF instructions and the processor/FPGA in the same package, the boot ROM and the processor circuitry are fabricated on the same silicon die within that package. Integrating the boot ROM and processor on the same die provides additional physical security, reducing the possibility of unauthorized access or modification of the initial boot code.
5. The integrated circuit of claim 1 , wherein the FPGA core, in response to failing to authenticate the POF, declares boot failure.
In the integrated circuit secure boot system where the processor boots using initial ROM instructions, followed by FPGA-authenticated instructions from a POF, if the FPGA core fails to authenticate the POF, it declares a boot failure. This prevents the processor from executing potentially malicious or corrupted code and ensures the system does not boot with unverified software.
6. The integrated circuit of claim 1 , wherein the FPGA core holds the processor circuitry in a secure state while the FPGA core authenticates the POF.
In the integrated circuit secure boot system where the processor boots using initial ROM instructions, followed by FPGA-authenticated instructions from a POF, the FPGA core holds the processor circuitry in a secure, inactive state while it performs the POF authentication. This prevents the processor from prematurely executing any code from the POF before its integrity is verified, guarding against potential security vulnerabilities.
7. The integrated circuit of claim 1 , wherein the FPGA core causes data stored in a writable memory block included in the processor circuitry to be zeroed to ensure the processor circuitry is in a secure state.
In the integrated circuit secure boot system where the processor boots using initial ROM instructions, followed by FPGA-authenticated instructions from a POF, the FPGA core actively ensures a secure state by zeroing out data stored in writable memory blocks within the processor circuitry. This clears any potentially sensitive or compromised data from the processor's memory before proceeding with the boot process, reducing the risk of security breaches.
8. An integrated circuit comprising: a hard processor subsystem comprising processor circuitry, wherein the processor circuitry comprises a processor and a boot read only memory (ROM); and a field programmable gate array (FPGA) subsystem comprising FPGA circuitry, wherein the FPGA comprises a FPGA core and a FPGA memory; and an interface coupled to the hard processor subsystem and the FPGA subsystem, wherein the interface is configured to transmit data and control signals between the hard processor subsystem and the FPGA subsystem; wherein the FPGA circuitry of the FPGA subsystem: receives instructions in a program object file (POF); authenticates the POF using data authentication circuitry, wherein the POF is authenticated after a first set of instructions stored in the boot ROM is executed by the processor to boot the processor; sends a signal to the processor circuitry via the interface, said signal causing data stored in at least one writable memory block included in the processor circuitry to be scrambled; and resets the processor via the interface after scrambling the data stored in the at least one writeable memory block.
An integrated circuit (IC) uses an FPGA to ensure a secure boot process by scrambling memory. The IC includes a processor subsystem (processor, boot ROM) and an FPGA subsystem (FPGA core, memory), connected by an interface. The FPGA receives instructions in a program object file (POF). After the processor executes initial boot instructions from the ROM, the FPGA authenticates the POF. If authenticated, the FPGA sends a signal to the processor to scramble data in writable memory. Finally, the FPGA resets the processor, initiating the full system boot. This protects against code injection.
9. The integrated circuit of claim 8 , wherein the FPGA core, in response to failing to authenticate the POF, declares boot failure.
In the integrated circuit secure boot system where the FPGA authenticates the POF and scrambles processor memory, as described, if the FPGA core fails to authenticate the POF, it declares a boot failure. The processor is then prevented from booting with potentially compromised code, safeguarding the system's integrity.
10. The integrated circuit of claim 8 , wherein the first set of boot instructions stored in the boot ROM is non-secure code.
In the integrated circuit secure boot system where the FPGA authenticates the POF and scrambles processor memory, as described, the initial boot instructions stored in the boot ROM are non-secure code. This means they may be basic initialization routines but are not relied upon for high-level security. The subsequent FPGA-authenticated code provides the security-critical boot functionality.
11. The integrated circuit of claim 8 , further comprising the processor executing a second set of boot instructions stored in the FPGA memory based on the POF.
In the integrated circuit secure boot system where the FPGA authenticates the POF and scrambles processor memory, as described, the processor executes a second set of boot instructions which are stored in the FPGA memory within the POF. These FPGA-provided boot instructions are executed after the processor has performed its initial booting from the boot ROM.
12. The integrated circuit of claim 11 , wherein the second set of boot instructions stored in the FPGA memory is secure code.
In the integrated circuit secure boot system where the FPGA authenticates the POF and scrambles processor memory, as described, and the processor executes a second set of boot instructions from the POF, this second set of instructions represents secure code. This FPGA-provided code handles security-sensitive operations and ensures a trusted boot environment.
13. The integrated circuit of claim 8 , wherein the boot ROM and processor circuitry are located on the same die.
In the integrated circuit secure boot system where the FPGA authenticates the POF and scrambles processor memory, as described, the boot ROM and the processor circuitry are located on the same silicon die. Integrating the boot ROM and processor on the same die provides additional physical security and reduces tampering possibilities.
14. A method for performing a secure boot in an integrated circuit comprising processor circuitry of a hard processor subsystem and field programmable gate array (FPGA) circuitry of an FPGA subsystem, the method comprising: executing, via the processor circuitry of the hard processor subsystem, a first set of boot instructions stored in a boot read only memory (ROM) of the processor circuitry to boot the processor circuitry; and reading, via the processor circuitry and an interface coupled to the hard processor subsystem and the FPGA subsystem, a second set of boot instructions from a program object file (POF) stored in a FPGA memory of the FPGA circuitry of the FPGA subsystem to boot the processor circuitry; and executing, via the processor circuitry, the second set of boot instructions after a FPGA core of the FPGA circuitry has authenticated the POF and after the first set of boot instructions has been executed.
A method for secure booting an integrated circuit with a processor and FPGA involves the processor executing initial boot instructions from its ROM. Then, the processor reads a second set of boot instructions from a POF stored in the FPGA's memory. The FPGA core authenticates the POF. Only after the FPGA authenticates the POF, and after the first boot instructions have been executed, does the processor execute the second set of boot instructions from the POF.
15. The method of claim 14 , further comprising: in response to authenticating the POF, sending a signal to the processor circuitry indicating that the processor circuitry execute the second set of boot instructions.
In the secure boot method where the processor executes initial ROM instructions and then FPGA-authenticated POF instructions, the FPGA sends a signal to the processor to initiate execution of the second set of boot instructions in the POF. This signal is sent only after successful authentication of the POF.
16. The method of claim 15 , wherein the FPGA circuitry comprises data authentication circuitry for authenticating the POF and wherein the processor circuitry and the FPGA circuitry are located on the same package.
In the secure boot method with FPGA-authenticated POF instructions where the FPGA signals the processor, the FPGA circuitry includes data authentication circuitry for validating the POF. The processor and FPGA circuitry are physically located within the same package, which improves security and reduces the risk of external interference.
17. The method of claim 16 , wherein the boot ROM and the processor circuitry are located on the same die in the package.
In the secure boot method with FPGA-authenticated POF instructions, FPGA signaling, and processor/FPGA in the same package, the boot ROM and the processor circuitry reside on the same die within that package. This physical co-location strengthens security.
18. The method of claim 14 , further comprising: in response to failing to authenticate the POF, declaring boot failure.
In the secure boot method where the processor executes initial ROM instructions and then FPGA-authenticated POF instructions, if the FPGA fails to authenticate the POF, the system declares a boot failure. This prevents the execution of potentially malicious code.
19. The method of claim 14 , further comprising holding the processor circuitry in a secure state while the FPGA circuitry authenticates the POF.
In the secure boot method where the processor executes initial ROM instructions and then FPGA-authenticated POF instructions, the processor circuitry is held in a secure, inactive state while the FPGA authenticates the POF. This prevents the processor from prematurely executing unverified code.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
March 7, 2014
March 21, 2017
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.